中国与刚果个人数据保护法律保护研究    

 NTSOUMOU MBOULOU ; JDY CLOUD    

 公开    

 eng    

 030109    

 国际法学    

 硕士    

 法学硕士    

 学术学位    

 2024    

 北京校区培养    

 法学院    

 数据法律    

 吴沈括    

 法学院    

 2024-06-11    

 2024-05-17    

 Legal Protection of Personal Data in China and Congo    

 个人数据保护法 ; 个人信息保护法 ; 刚果    

 Personal Information Protection Law ; Personal Data Protection Law ; Congo ; Digital Law    

 82    

 The rapid advancement of information technologies is intricately linked with data; indeed, data stands at the nucleus of this development as both an indispensable raw material and end product. To ensure the lawful, effective, and beneficial utilization of data, governments worldwide are continuously crafting and refining legislation in this domain. China has emerged as a significant player in the realm of legal protection of personal data, transitioning from relatively weak legislation to a more mature and robust framework over the past decade. Since the implementation of the Cybersecurity Law in June 2017, China has undergone significant transformations, refining its personal data protection regime to enhance efficiency. The enactment of the Personal Information Protection Law (PIPL) marks a culmination of this process, solidifying China’s stance, and approach towards personal data protection. Presently, China's data protection framework, anchored by the PIPL, while still evolving, offers heightened protection while exhibiting distinctive characteristics compared to other major players such as the European Union (EU) and the United States (US). A notable example of this divergence is the preference for the term "Personal Information" over "Personal Data" in Chinese legislation, reflecting unique legal values and core interests integral to understanding the specificities of its approach to personal information protection. In contrast, the Congo has a more recent history with Personal Data Protection, having enacted its Personal Data Protection Law (PDPL) only in October 2019. Arising directly from the Malabo Convention on cybersecurity and data protection AND the CEMAC model law on Personal Data Protection, the PDPL inherits many of their weaknesses, compounded by challenges inherent to local realities, resulting in a comparatively weak protection of personal data. Despite predating the Chinese PIPL, the Congolese PDPL represents the country's initial endeavor to establish a substantive legal foundation for Personal Data Protection. Prior to the PDPL, no regulations, specifications, industry guidelines, or norms existed. However, since its enforcement, significant gaps persist between the law's provisions and on-the-ground realities, necessitating substantial clarifications and complementary regulations. Progressing forward is a painstaking endeavor, requiring dedicated time, effort, and resources to address identified deficiencies. Consequently, the Congo may turn to more advanced legislation, such as the PIPL, to glean insights for improvement. The choice of China for comparison may not seem immediately obvious given differences in values, interests, and policies. However, this choice is justified by the distinctive nature of Chinese data protection legislation, which, as noted by scholars, represents a unique third pathway between the US and EU approaches. While the EU prioritizes citizens' fundamental right to privacy and the US emphasizes economic freedom and free markets, Chinese legislation, particularly with the PIPL at its core, bridges rights-based considerations with economic imperatives. Additionally, it introduces mechanisms tailored to address significant concerns within the Chinese political and legal landscape, such as cyber sovereignty, extraterritoriality, and digital governance. This positioning makes China a de facto model for smaller countries seeking to establish or enhance their data protection frameworks. Historically influenced by France and Europe in legislative matters due to colonial heritage and longstanding economic and academic ties, the Congo is now charting its own course. In this transition, the Congolese legislature seeks inspiration from diverse international and regional sources, including countries with differing legal systems and cultures. Therefore, China and the PIPL can offer valuable insights and a fresh perspective on Congolese Data Protection Law. A crucial aspect of data is its inherent transferability, often necessitating sharing across borders and jurisdictions. This Transborder Flow of Data (TFD) presents significant political, financial, and legal challenges. In response, China and the Republic of Congo have adopted distinct approaches influenced by political agendas, economic strategies, and vested interests. Learning from the Chinese approach, could bridge existing gaps in the Congolese legislation, fostering economic growth while ensuring data protection. This study aims to comprehensively analyze the PIPL and PDPL, focusing on their respective approaches to data processing, principles governing data handling, data flows, roles of stakeholders, and supervisory authorities involved in personal data protection, thus answering the question of “how personal data are protected in both legislations?”. The first part will concentrate on China and the PIPL, supplemented by relevant legal documents issued by state councils or authorities responsible for personal information protection to deepen understanding and explore implementation nuances. Subsequently, attention will shift to Congolese legislation, with a primary focus on the PDPL. Through thorough examination and comparison, this study seeks to elucidate the strengths and weaknesses of both legislations and propose potential amendments. This research will analyze the convergences and divergences of national laws, legal interpretations, decisions, and cases, serving as a foundation for addressing enforcement challenges. Key issues to be addressed include leveraging the Chinese legislation as a blueprint for enhancing data protection in the Congo, particularly in reinforcing safeguards, mitigating risks, and adapting to evolving cyber landscapes. Additionally, challenges associated with extraterritorial data transfers will be explored, emphasizing the need for specialized criteria and collaborative frameworks to navigate these complexities. Research methodologies will encompass detailed legislative analysis, case studies, and comparative research between China and Congo. By enhancing awareness and understanding of data protection regulations at national and international levels, this study aims to relate relevant and actionable information for legal experts, as well as individuals. Through comparative analysis, underscore the importance of legislative improvements and international cooperation. Real-world case studies will elucidate practical challenges and resolutions, facilitating effective interpretation and implementation of legislation. The focus of this research lies in its detailed examination of the Congolese Data Protection Legal regime, coupled with a comparative analysis with Chinese legislation. By offering insights and recommendations for cooperation and harmonization, this study seeks to contribute to the ongoing evolution of data protection frameworks, particularly in emerging economies like the Congo.    

 硕030109/24006    

 2025-06-11